Privacy

The court case that could sink safe harbor. The next defining blow to data transfers between the United States and the European Union could be a transatlantic own goal.

The 2nd U.S. Circuit Court of Appeals in New York will decide within months whether the U.S. government can force Microsoft to hand over emails stored on a server in Ireland in a drug-trafficking investigation.
Safe harbor agreement ‘unlikely’ by deadline. See how Google modifies the results for a #safeharbor search. The @Gizmondo article is good. El día del cataclismo: El ECJ anula el acuerdo Safe Harbor USA-EU - Analítica Inteligente.

Safe Harbor no more Si trabajas en la industria digital, es casi imposible que no sepas que el acuerdo Safe Harbor que hasta ahora protegía la transferencia de datos personal a USA ya no es válido. Un par de ejemplos de lo que se dice por ahí:
The collapse of the US-EU Safe Harbor: Solving the new privacy Rubik’s Cube. When people who care about technology look back at the year 2015, they will remember October as the month when the EU-U.S. Safe Harbor collapsed. An international legal agreement that has been in place for 15 years was invalidated in a single day.
Irish privacy regulator concedes must investigate Facebook data. Apple’s Tim Cook Delivers Blistering Speech On Encryption, Privacy.

Cook spoke remotely to the assembled audience on guarding customer privacy, ensuring security and protecting their right to encryption. “Like many of you, we at Apple reject the idea that our customers should have to make tradeoffs between privacy and security,” Cook opened. “We can, and we must provide both in equal measure. We believe that people have a fundamental right to privacy.
Transfer of personal data to US may constitute an offence. Details Parent Category: Finland Category: Domestic 08 Oct 2015 A decision by the European Court of Justice to beef up data protection can result in the criminalisation of the transfer of personal data to the United States.

“The decision by the court of justice establishes a backdrop for there being a genuine risk of meeting the elements of an offence,” estimates Jussi Tapani, a professor of criminal law at the University of Turku.
Weirdness. @Microsoft uses #SafeHarbor ruling in battle w/ US govt over access to its data center in Ireland. European Court of Justice Safe Harbor ruling - Business Insider. David Ramos/Getty ImagesFounder and CEO of Facebook Mark Zuckerberg speaks during his keynote conference during the first day of the Mobile World Congress 2015 in Barcelona.

#CISA — The biggest threat to the future of transatlantic data sharing #SafeHarbor. CISA — The biggest threat to the future of transatlantic data sharing. CISA — The biggest threat to the future of transatlantic data sharing This article was co-authored by Access Policy Analyst Estelle Massé.

Safe Harbor; data protection authorities; CJEU; enforcement; international data tranfers; General Data Protection Regulation; Article 29 Working Party; « Privacy and information law blog. A lot is being said about the CJEU’s ruling on Safe Harbour.

Without any doubt, for the privacy community this is the most important legal development since the EU Commission’s announcement of a revision to the Data Protection Directive of 1995. What the Court’s ruling shows us is that privacy has become a major area of law and an absolute priority in terms of compliance for any company.

Among the many issues that this decision raises, I’d like to focus on two key issues. The first is enforcement. Many companies are wondering what is the risk for them now that Safe Harbor has been pronounced invalid. As a practitioner, however, I think we need to analyse the Court’s decision in a practical and pragmatic manner. Technically, I’m not sure this is feasible, and, certainly, this would have a devastating effect on our economy and on the relations between the EU and the U.S.
European Court Chief Defends Decision to Strike Down Data-Transfer Agreement. The new president of the European Union’s top court defended its decision last week to strike down a data-transfer agreement with the U.S., agreeing the decision risked disrupting businesses but arguing the court was right to stand up for fundamental rights such as data privacy.

In an interview, Koen Lenaerts, a longtime judge on the European Court of Justice before being elected its president on Thursday, explained the reasoning behind scrapping Safe Harbor, a 15-year old agreement that allowed U.S. businesses to transfer Europeans’ personal data to the U.S. A victory for privacy advocates, the court’s Oct. 6 decision allows national regulators within the EU to investigate and suspend such personal-data transfers if they are found not to provide sufficient protections.
20151016_wp29_statement_on_schrems_judgement. Does your phone company track you?
This article originally appeared on ProPublica on October 31, 2014.

Wired and Forbes reported earlier this week that the two largest cell phone carriers in the United States, Verizon and AT&T, are adding the tracking number to their subscribers' Internet activity, even when users opt out. The data can be used by any site—even those with no relationship to the telecoms—to build a dossier about a person's behavior on mobile devices, including which apps they use, what sites they visit, and how long. MoPub, acquired by Twitter in 2013, bills itself as the "world's largest mobile ad exchange.
" It uses Verizon's tag to track and target cellphone users for ads, according to instructions for software developers posted on its website.

Twitter declined to comment.
Germany Ponders New Data Law That Could Hit Us Tech Firms Hard. Germany may soon require IT companies operating in the country to reveal their software source code and other proprietary data, reports WSJ.

If an upcoming ruling proposed by local politicians passes, American companies hoping to sell their products and services to the German government or tech startups and businesses in Berlin may find themselves in a quandary, as they won’t be able to uphold their promises of maintaining user data privacy when government agencies request access. The proposed bill appears to be a response to US intelligence agencies’ alleged efforts to spy on European citizens’ digital correspondence, but may also be part of numerous German companies’ plans to develop cloud services locally. Web service providers from the US, like Google and Microsoft, might have to rethink their plans for European markets if this becomes law. ➤ Berlin Weighs Possible Hit to U.S.

Browsing in privacy mode? Super Cookies can track you anyway. For years, Chrome, Firefox, and virtually all other browsers have offered a setting that doesn't save or refer to website cookies, browsing history, or temporary files. Privacy-conscious people rely on it to help cloak their identities and prevent websites from tracking their previous steps. Now, a software consultant has devised a simple way websites can in many cases bypass these privacy modes unless users take special care.

Ironically, the chink that allows websites to uniquely track people's incognito browsing is a much-needed and relatively new security mechanism known as HTTP Strict Transport Security. Websites use it to ensure that an end user interacts with their servers only when using secure HTTPS connections.
Microsoft ordered to give US customer e-mails stored abroad. A federal judge ruled Thursday that Microsoft must hand over e-mails stored on an overseas server to US authorities.

The case gives the Obama administration approval to reach into servers abroad. "It is a question of control, not a question of the location of that information," US District Judge Loretta Preska ruled in a closely followed legal flap.
European Parliament Approves EU Data Protection Regulation Draft. The European Parliament has voted to approve the draft text of the Data Protection Regulation, which is expected to become European law in the near future.

The document gives more power to the users of online services, proposes stronger safeguards for EU citizens’ data that gets transferred abroad, and considerably increases the fines that can be imposed on companies that break the rules. The draft of the Regulation was approved by overwhelming majority, with 621 member of the European parliament voting in favour, and only ten against.
Data brokers outpace regulators as they mine new technologies. Data brokers outpace regulators as they mine new technologies. DB - Privacy icons. Publications Compete Settles Privacy Complaint By FTC 10/23. Market research company Compete has agreed to destroy data about Web users gathered before February 2010 in order to settle charges that it unlawfully collected information, the Federal Trade Commission said on Monday. The settlement agreement also prohibits the company from misrepresenting its data collection and security practices in the future.

Compete also agreed to biennial audits for the next 20 years. If accepted, the settlement would resolve a Federal Trade Commission complaint charging Compete with deceiving users by failing to reveal its broad data collection practices.
Internet advertising: getting message over. I'm Being Followed: How Google—and 104 Other Companies—Are Tracking Me on the Web - Alexis Madrigal - Technology. Who are these companies and what do they want from me? A voyage into the invisible business that funds the web. This morning, if you opened your browser and went to NYTimes.com, an amazing thing happened in the milliseconds between your click and when the news about North Korea and James Murdoch appeared on your screen.

Data from this single visit was sent to 10 different companies, including Microsoft and Google subsidiaries, a gaggle of traffic-logging sites, and other, smaller ad firms. Nearly instantaneously, these companies can log your visit, place ads tailored for your eyes specifically, and add to the ever-growing online file about you. There's nothing necessarily sinister about this subterranean data exchange: this is, after all, the advertising ecosystem that supports free online content.
Max Schrems: The Austrian Thorn In Facebook's Side. Políticas y principios.